suse · CVE-2020-9488

Quick triage

Priority: low Published: 2021-05-30 14:38:21 UTC Updated: 2025-08-14 01:43:45 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2020-9488 severity low: SUSE including 24 source package names (log4j, log4j-2.13.2-1.9, …), 83 product×package rows across 44 product lines (SUSE Enterprise Storage 7, SUSE Linux Enterprise High Performance Computing 12 SP4, … (44 product lines)): Known Not Affected 63, Fixed 20.

Description:

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

cvelogic Threat Intelligence